From ef3cf7ba63a3eeeb2cd5087d5c1f97e1648cf996 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torma=20Krist=C3=B3f?= <tormakristof@tormakristof.eu>
Date: Sun, 22 May 2022 23:07:20 +0200
Subject: [PATCH] a very special endpoint

---
 roles/webgateway/templates/certbot.sh |  1 +
 roles/webgateway/templates/nginx.conf | 28 +++++++++++++++++++++------
 roles/webgateway/vars/main.yaml       |  2 +-
 3 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/roles/webgateway/templates/certbot.sh b/roles/webgateway/templates/certbot.sh
index 30ea66e..36a0743 100644
--- a/roles/webgateway/templates/certbot.sh
+++ b/roles/webgateway/templates/certbot.sh
@@ -1,5 +1,6 @@
 #!/bin/bash
 # {{ansible_managed}}
+certbot renew --nginx --cert-name tormakristof.eu
 {% for proxysite in proxy %}
 certbot renew --nginx --cert-name {{ proxysite.domain }}
 {% endfor %}
diff --git a/roles/webgateway/templates/nginx.conf b/roles/webgateway/templates/nginx.conf
index e6af431..dc32e53 100644
--- a/roles/webgateway/templates/nginx.conf
+++ b/roles/webgateway/templates/nginx.conf
@@ -66,7 +66,7 @@ http {
             return 301 https://$host$request_uri;
         }
 
-        {% for proxysite in proxy %}
+        {%- for proxysite in proxy %}
         server {
             listen 443 ssl http2;
             listen [::]:443 ssl http2;
@@ -80,9 +80,9 @@ http {
             }
         }
 
-        {% endfor %}
+        {%- endfor %}
 
-        {% for staticsite in static %}
+        {%- for staticsite in static %}
         server {
             listen 443 ssl http2;
             listen [::]:443 ssl http2;
@@ -95,9 +95,9 @@ http {
             }
         }
 
-        {% endfor %}
+        {%- endfor %}
 
-        {% for redirectsite in redirect %}
+        {%- for redirectsite in redirect %}
         server {
             listen 443 ssl http2;
             listen [::]:443 ssl http2;
@@ -107,5 +107,21 @@ http {
             return 301 {{ redirectsite.destination }};
         }
 
-        {% endfor %}
+        {%- endfor %}
+
+        server {
+            listen 443 ssl http2;
+            listen [::]:443 ssl http2;
+            server_name tormakristof.eu;
+            ssl_certificate /etc/letsencrypt/live/tormakristof.eu/fullchain.pem;
+            ssl_certificate_key /etc/letsencrypt/live/tormakristof.eu/privkey.pem;
+            root /var/www/tormakristof.eu;
+            location /{
+                return 301 https://www.tormakristof.eu;
+            }
+            location /.well-known{
+                try_files $uri $uri/ =404;
+            }
+        }
+
 }
diff --git a/roles/webgateway/vars/main.yaml b/roles/webgateway/vars/main.yaml
index d2160b2..7325915 100644
--- a/roles/webgateway/vars/main.yaml
+++ b/roles/webgateway/vars/main.yaml
@@ -15,7 +15,7 @@ proxy:
 
 
 static:
-  - {domain: tormakristof.eu, directory: /var/www/tormakristof.eu, repo: "https://github.com/tormachris/localroot-tormakristof.eu.git"}
+  []
 
 redirect:
   []